Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

• A.Reducing the number of vulnerabilities detected
• B.Avoiding identified system threats
• C.Ensuring the amount of residual risk is acceptable
• D.Complying with regulatory requirement

Comment: *

Name: *

Email: *

Verification: *

Which of the following would provide the HIGHEST level of confidence in the integrity of data when sent from one party to another?

• A.Enforce multi-factor authentication (MFA) on both ends of the communication.
• B.Require data to be transmitted over a secure connection.
• C.Harden the communication infrastructure.
• D.Require files to be digitally signed before they are transmitted.

Comment: *

Name: *

Email: *

Verification: *

Several identified risks have been mitigated to an acceptable level with appropriate controls. Which of the following activities would BEST help to maintain acceptable risk levels?

• A.Frequent assessments of inherent risks
• B.Periodic reviews of changes to the environment
• C.Periodic cost-benefit analyses of the implemented controls
• D.Frequent assessments of risk action plans

Comment: *

Name: *

Email: *

Verification: *

When developing a security architecture, which of the following steps should be executed FIRST?

• A.Developing security procedures
• B.Defining a security policy
• C.Specifying an access control methodology
• D.Defining roles and responsibilities

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach for governing noncompliance with security requirements?

• A.Base mandatory review and exception approvals on residual risk,
• B.Base mandatory review and exception approvals on inherent risk.
• C.Require users to acknowledge the acceptable use policy.
• D.Require the steering committee to review exception requests.

Comment: *

Name: *

Email: *

Verification: *